commit 5aa4c07b85d85a28686cabbcfe256fa310f8475c
author Jarno Lamsa <jarno.lamsa@arm.com> Fri Dec 20 12:42:49 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Fri Dec 20 13:09:27 2019 +0200
tree 78d948ffff6f4647f9a2d02d444d308dcd7bf6dd
parent 015aa44b93ae04ac50ccd763a5d152e2c44b0ab0

Minor review fixes

include/mbedtls/entropy.h

diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index ca06dc3..52cb6a0 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -83,8 +83,8 @@
 #define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
 #define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
 
-#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   0x7F    /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0x0     /**< Entropy source is weak     */
 
 #ifdef __cplusplus
 extern "C" {

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 97069a7..e14f58f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -125,6 +125,11 @@
 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
+/*
+ * MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE are dismissable errors,
+ * therefore the hamming distance to other non-dismissable errors should be
+ * large to prevent bit-flipping a non-dismissable error to dismissable.
+ */
 #define MBEDTLS_ERR_SSL_WANT_READ                         -0xFF6900  /**< No data of requested type currently available on underlying transport. */
 #define MBEDTLS_ERR_SSL_WANT_WRITE                        -0xFF6880  /**< Connection requires a write call. */
 #define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */

library/entropy.c

diff --git a/library/entropy.c b/library/entropy.c
index 9818a54..b4d1f29 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -258,7 +258,7 @@
 {
     int i;
     volatile int ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
-    volatile int have_one_strong_fi = 0;
+    volatile int have_one_strong_fi = MBEDTLS_ENTROPY_SOURCE_WEAK;
     unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
     size_t olen;
 
@@ -276,7 +276,7 @@
             mbedtls_platform_enforce_volatile_reads();
 
             if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
-                have_one_strong_fi = 1;
+                have_one_strong_fi = MBEDTLS_ENTROPY_SOURCE_STRONG;
             else
                 return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
         }
@@ -303,10 +303,10 @@
 cleanup:
     mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
-    if( have_one_strong_fi == 1 )
+    if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
     {
         mbedtls_platform_enforce_volatile_reads();
-        if( have_one_strong_fi == 1 )
+        if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
         {
             return( ret );
         }

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 11c6f46..479554d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2342,7 +2342,7 @@
                                          unsigned char* out,
                                          unsigned add_length_tag )
 {
-    volatile int ret;
+    volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 
     /*
      * Generate (part of) the pre-master secret as
@@ -2390,7 +2390,7 @@
                                         unsigned char *out, size_t buflen,
                                         size_t *olen )
 {
-    volatile int ret;
+    volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     size_t len_bytes = mbedtls_ssl_get_minor_ver( ssl ) ==
         MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
     mbedtls_pk_context *peer_pk = NULL;
@@ -2762,6 +2762,10 @@
                                           unsigned char *buf,
                                           size_t buflen )
 {
+    /*
+     * Initialising to an error value would need a significant
+     * structural change to provide default flow assumes failure
+     */
     volatile int ret = 0;
     unsigned char *p;
     unsigned char *end;

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 611f26f..19bdc90 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1883,7 +1883,7 @@
 
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 {
-    volatile int ret;
+    volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
     ssl->handshake->key_derivation_done = MBEDTLS_SSL_FI_FLAG_UNSET;
@@ -2062,7 +2062,7 @@
             else
             {
                 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-                return( ret );
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
             }
         }
         else
@@ -2093,7 +2093,7 @@
             else
             {
                 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-                return( ret );
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
             }
         }
         else
@@ -2122,7 +2122,7 @@
             else
             {
                 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
-                return( ret );
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
             }
         }
         else